Integrating scenario- and contract-based verification for automated vessels

Scenario-based verification defines the current state of the art for examining a vessel’s control systems for reliability and safety. However, software updates after release can only be covered to a limited extent. To take changes to a deployed system into account, the design and test phase must be harmonized with the operational phase. For all phases, regulatory, technical and safety requirements provide the scope to which the development process and the scenario-based tests need to be aligned and whose specifications the System under Test (SuT) must adhere to during operation. For this reason, a procedure is needed that converts the requirements into a format that can be utilized across all phases and measured in a structured manner comparing the original system to the updated version. This work does so by combining scenario-based verification methods with formal composition and monitoring techniques based on contract-based design into an integrated development approach. It is shown how safety requirements can be transferred into a Verification Descriptor that in turn provides the foundation for the division into model-based system development, contract-based virtual integration testing and a scenario-based test environment. For the entire lifecycle of the System under Test (SuT) to be included, the extended scenario and contract descriptors are carried forward up to the operational phase, such that the previously defined properties of the SuT can be monitored and validated during runtime. The approach is designed alongside a minimal-viable system and evaluated on an actual implementation of a safety-critical maritime LiDAR-based positioning system.